Lowtax Network

Back To Top

How Tax Professionals Can Protect Client Data

Chester Avey
13 January, 2022

As any tax professional will know, emails and texts trying to entice people to follow links or respond in a way that will benefit a scammer are a common occurrence. But they pose a serious data theft risk and without a proper plan in place to protect sensitive information, an error could result in your clients' data being hacked, which, in turn, can also damage your reputation as a business.

Staying on top of your data protection methods is critical when you're dealing with client data. Here's how you can implement better practises to keep your business secure from data theft and ransomware attacks.

Download A VPN

A Virtual Private Network (VPN) creates a tunnel that connects you to another network safely and securely. VPNs can be used to hide your location and mask your IP address, and means you can connect to different servers from multiple locations using the server's internet connection. Even if the server being used is in a different country, it will appear as though you're browsing from that country. However, for tax professionals and accountants, VPNs have one very specific benefit - they encrypt all communication using an Advanced Encryption Standard which protects classified data and prevents it from being stolen.

Protect Against Ransomware

Ransomware has become an increasingly prevalent issue not just for tax businesses, but across a host of sectors. Research suggests that many incidents are actually caused by insider threats, such as fraud from internal parties. Something that many companies struggle with is identifying the warning signs of internal threats, as many of them are caused accidentally. Tax businesses need to improve their employee training and log policies, and apply the Principle of Least Privilege to staff. This will limit network access to those who actually require it for their work. Utilising Endpoint Detection and Response Technology to detect abnormal activity will also help prevent issues before it's too late.

Keep Back-Ups

Back-ups are essential in mitigating the risk of ransomware attacks, and also ensure that you have peace of mind if an error should occur. Tax professionals should have a secure, robust back-up routine which copies crucial files and data off-site numerous times a day so that in the event of data theft or an attack, they can be recovered easily with minimal data loss.

There are three types of back-ups: full, incremental and differential. Full data back-ups create a copy of all data sets, and while it can take a lot of storage space, it's the best way to prevent data loss. Most businesses perform a full back-up from time to time. Incremental back-ups provide a back-up of the modified files since the last full back-up. The downside of this type of download is that using it during a full restoration can take longer to recover the information as it's slower.

Finally, differential back-ups copy all modified data from the last full system back-up. It's quicker to restore as it only involves the previous full back-up and the last differential back-up. Businesses should use a mix of these methods for continuous data access and protection.

Implement Multi-Factor Authentication

Multi-Factor Authentication may be used by tax professionals when using software, but it's something that should be implemented at all times, such as when you're accessing client portals or web-based email accounts. This will provide additional protection against data theft and when used throughout the day (not just when you're logging onto your computer) it will form a habit to continually protect sensitive information. Alongside authentication, all staff should use strong passwords with a minimum of 12 characters and change them regularly - at least every 90 days.

Have A Remote Policy In Place

In light of pandemic restrictions, working remotely has become the norm for many of us, and a necessity in some cases. This means that a large proportion of your staff may be using their own equipment to work, either full-time or at least on a part-time basis. It's essential that remote employees follow the same protocols that they would in the office, and that they take extra care when leaving equipment laying around or logging-off at the end of the day, as they could be putting the business and clients at risk of data theft if their laptop or log-in details end up in the wrong hands.

Use The Latest Antivirus Software

Last but not least, using up-to-date antivirus software will ensure that computers, network drives and mobile phones are regularly scanned to identify any risks and protect these devices and systems from malware. Hackers can use a number of tactics to get viruses onto your computer or network. If they are successful, the consequences could be extremely damaging, from crashing the device to spying through webcams and monitoring personal accounts. When you're working with client data, this could be devastating on several levels. Hackers may use viruses to steal anything from account log-ins to financial data, which can then be used to carry out identity theft, phishing scams and other nefarious acts. Having the latest antivirus software installed will prevent any attacks or viruses from getting through.

In Summary

This list of security tips provides a strong foundation for tax professionals to get started with protecting sensitive data and client information, not only to protect their clients but also to maintain a reputation as a responsible business. Alongside having the right software installed, keeping passwords and log-ins secure and protecting networks with VPNs, it's also essential that staff follow best practices, such as being mindful of scam emails, not clicking on suspicious links and flagging any issues to your IT department as soon as they're spotted before they cause damage.


« Go Back to Articles

Articles Archive

Event Listings

Listings for the leading worldwide conferences and events in accounting, investment, banking and finance, transfer pricing, corporate taxation and more...
See Event Listings »